Preparing for the FACT Act: A To-Do List (Activity List)

During the next six to ten months, the FACT Act provisions will continue to take effect. While many of the new requirements will have the most impact on consumer reporting agencies (credit bureaus), financial institutions will have a lot to do. Each time new compliance laws take effect, compliance professionals observe that this is the biggest one yet. With the FACT Act, that observation is definitely true.

The FACT Act presents a wide array of challenges, not unlike Y2K. The coming changes will affect all departments in the institution. It will dictate changes in most procedures, especially credit underwriting, marketing, security, and operations. There is no single place for the FACT Act to sit. Management of the new requirements will require teamwork and matrix management - in short, a classic compliance exercise.

Unlike more focused compliance laws such as the Truth-Ins, the FACT Act permeates the entire organization and touches almost every way of doing business. There isn't a single process to be concerned with such as calculating an APR or APY. There isn't a single point of occurrence to manage such as providing disclosures. Instead, FACT Act procedures have bits and pieces that will have to be inserted throughout almost everything.

To help you get started, we have compiled a list of activities that you (or someone) will have to pursue - probably at top speed - to get things into place. These are ideas and suggestions. You will need to adapt your approach to the situation in your institution, taking into account existing procedures, existing products, resources, staff, and stress levels. Good luck!

Tracking and disposing of credit bureau report information.
FACTA will require timely destruction or disposal of all information taken from consumer credit reports. This includes not only the copy of the report itself, but information that has been lifted from the report and placed in other documents, such as underwriting worksheets, credit memos and even adverse action notices. Start immediately with a team from lending to determine where all this information may end up. Then develop a plan for disposing of it. Be sure to take other record retention requirements, such as 12 CFR 202.12 into account.

Prepare procedures for identity theft flags and active duty flags.
At least two processes will be needed. First, a process must be in place to implement required actions or inactions when a credit report contains an identity theft flag. These include placing stops or special controls on changes of address, credit line increases, and issuances of new or additional cards. Treatment of identity theft flags should be included in all your underwriting processes.

Second, you will need a procedure for placing flags when the customer contacts you directly. These flags must be placed on all account relationships that could be subject to identity theft - in short, all of them. As with Y2K, one message from a consumer may require many actions in different parts of the institution.

Study loan pricing and prepare risk-based pricing notices.
First, you need to determine whether your institution actually uses risk based pricing. If so, draw up a list of products, conditions, and how the risk-based pricing works. You now have two choices. The institution can choose to stop any risk-based pricing (and simply not make some loans that it considers too risky for the rates being charged) or you can choose to implement risk-based pricing notices.

Risk-based pricing notices can be handled two ways. You can send every applicant an explanation of how the pricing works, or you can identify which customers meet the yet-to-be determined definition of those who should receive the notice. Then you'll need procedures to identify and send these notices.

Review and update your notifications forms and procedures.
FACTA is going to make Regulation B's adverse action notices look simple. Use of a credit score and the risk-based pricing notices make significant changes to the credit action notification process. Then there are additional notices to existing customers that negative information has been sent or may be sent to the credit bureau. This may mean a complete overhaul of notices that may be sent to customers.

Responding to consumer questions about account history.
Once consumers have easier access to their credit histories, creditors can expect more questions about the content. There may be questions about how or why something was reported as well as challenges to the accuracy of what was reported. In all situations, customer service must anticipate this increase. The industry's reputation will improve with good responses and suffer from poor responses. Branch staff and anyone who may field the phone calls must be trained and ready.

Investigate error allegations.
Error investigation requests will be coming from two sources, through the credit bureau and directly from consumers. Whatever the source, investigations must be prompt and thorough. This is the time to review how your institution accepts and responds to consumer complaints, including those with regulatory mandates such as Regulations Z and E. Establish an entry point for the error allegations, and a process for investigating and responding to them. Include controls for time spent to resolve the investigations.

Copyright © 2004 Compliance Action. Originally appeared in Compliance Action, Vol. 9, No. 8, 8/04